VMAnalyzer: Malware Semantic Analysis using Integrated CNN and Bi-Directional LSTM for Detecting VM-level Attacks in Cloud

Cloud computing is one of the fastest-emerging fields in the IT industry, providing scalable, expandable and almost perfectly elastic software or hardware services to users. As the scalability and elasticity of cloud computing services increase, so does the risk of malicious intervention in the cloud. Because the number and types of malware attacks are increasing day by day, there is a need for an efficient, robust and scalable malware detection approach for securing virtual domains running in the cloud. In this paper, we propose a dynamic analysis approach, called VMAnalyzer, which applies deep-learning-based machine learning techniques for detecting attacks at the VM layer in a cloud environment. VMAnalyzer extracts the ordered sequence of system calls of all the monitored programs and performs a two-layer classification. In layer 1, a convolutional neural network (CNN) is applied to extract and select the relevant system call sequences. The number of potentially diverse layers in the CNN not only provides the architecture for important feature extraction but also takes care of the convolution of n-grams with full sequential modelling. The layer-1 output is fed as input to layer 2 using pipelining. In layer 2, a Bi-Directional Long Short-Term Memory (LSTM) network is applied for learning and detecting the behavior of malicious system call sequences. Our evaluation results demonstrate that our approach outperforms previously used methods for malware detection in the cloud. The approach has been validated using the University of New Mexico (UNM) dataset, and the results seem to be promising.
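The extraction step described above, sketched as an added example that is not code from the paper: an interleaved trace is split into one ordered system call sequence per monitored process and cut into fixed-length, index-encoded windows of the kind a CNN input layer consumes. The two-column `pid syscall-number` line format, the window length, the stride, the padding index 0 and all function names are assumptions made for illustration.

```python
# Constructed sample trace (not real data): "<pid> <syscall-number>" per line,
# with two monitored processes interleaved as a tracer would record them.
SAMPLE_TRACE = """\
101 5
102 4
101 3
101 3
102 6
101 6
bad line
102 4
101 5
"""

def per_process_sequences(trace_text):
    """Demultiplex an interleaved trace into one ordered call list per PID."""
    seqs = {}
    for line in trace_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not all(p.isdigit() for p in parts):
            continue  # skip blank or malformed lines rather than guess
        pid, call = int(parts[0]), int(parts[1])
        seqs.setdefault(pid, []).append(call)
    return seqs

def build_vocab(seqs):
    """Map each syscall number to a dense index; 0 is reserved for padding."""
    calls = sorted({c for seq in seqs.values() for c in seq})
    return {c: i + 1 for i, c in enumerate(calls)}

def windows(seq, vocab, length, stride):
    """Cut one sequence into fixed-length encoded windows (last one padded)."""
    enc = [vocab[c] for c in seq]
    out = []
    for start in range(0, len(enc), stride):
        chunk = enc[start:start + length]
        out.append(chunk + [0] * (length - len(chunk)))
        if start + length >= len(enc):
            break  # the tail of the sequence is already covered
    return out

if __name__ == "__main__":
    seqs = per_process_sequences(SAMPLE_TRACE)
    vocab = build_vocab(seqs)
    for pid, seq in seqs.items():
        print(pid, windows(seq, vocab, length=4, stride=2))
```

Keeping the sequences separate per PID matters because interleaving calls from different processes would create n-grams that no single program ever executed.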